WAN Load Balancing

VyOS also allows for the configuration of WAN load balancing. This can be used either to balance traffic between several public interfaces or to configure failover. In this scenario we will assume that our VyOS machine has a private IP of 10.0.0.1/24 on eth0, a public IP of 23.90.55.5 on eth1 and a public IP of 23.90.76.5 on eth2.

Load Balancing traffic

VyOS can be used to load balance traffic across multiple interfaces, in this case between eth1 and eth2.

Now the load balancer needs to be configured. First we will set up the tests which determine whether an interface is active or not, starting with eth1.

edit load-balancing wan interface-health eth1

Here we create test number 10. Just like with the firewall, several tests can be specified, and they will be run sequentially. In this case we will use a single ping test with a target of 8.8.8.8 (one of Google's public DNS servers) and a failure-count of 3. The nexthop address also needs to be set to point to the gateway for this interface.

set failure-count 3
set nexthop 23.90.55.1
edit test 10
set target 8.8.8.8
set type ping
top

This also needs to be repeated for eth2. We will also use 8.8.8.8 as our ping target to determine whether this interface is active or not.

Finally, we can set our load balancing rules. The rules are checked sequentially, and if matched will be carried out. We will only use one rule to balance traffic between the two interfaces. The inbound interface in this case is eth0, and we will allow all protocols through.

We can also assign a weight to each interface. This dictates the share of traffic which flows through that interface. In this case roughly twice as much traffic will flow through eth1 as through eth2.

set load-balancing wan rule 10 interface eth1 weight 20
set load-balancing wan rule 10 interface eth2 weight 10

This completes the configuration for load balancing traffic.

commit
save

Failover

Failover can also be configured so that should an interface fail, switching can occur to prevent any significant downtime.

When failover occurs, existing sessions do not automatically fail over, resulting in a session timeout. This can be avoided by flushing connections.

set load-balancing wan flush-connections

Failover using weights

We will assume all the previous configurations are still present. Only a single line needs to be added to this to enable failover. The weights previously configured will now refer to which interface is the primary interface (the highest weighted interface is the primary). In this case eth1 will become the primary interface.

set load-balancing wan rule 10 failover
commit
save

Failover using Rule Order

Rule order can also be used to determine which interface is set as the primary. In this case we will use two rules to carry this out. First the old rule needs to be deleted.

delete load-balancing wan rule 10

Now two new rules need to be created. The first forwards traffic through eth1, which will be our primary interface. The second forwards traffic through eth2. While eth1 is up, the first rule will be matched and carried out, but if eth1 is down then the second rule will be matched and carried out.
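
The rule-order failover described above, written out as one complete configuration. This is an added example, not part of the original page: it also spells out the eth2 health check and the inbound-interface and protocol settings that the text describes but does not show. The eth2 gateway 23.90.76.1 and the rule numbers 10 and 20 are assumed values.

```vyos
# Added example: rule-order failover for eth1 (primary) and eth2 (backup).
# Interface names, addresses and the 8.8.8.8 target are the page's;
# the eth2 gateway 23.90.76.1 is an assumption, replace it with your own.
configure

# Health checks: an interface is marked down after 3 failed pings.
set load-balancing wan interface-health eth1 failure-count 3
set load-balancing wan interface-health eth1 nexthop 23.90.55.1
set load-balancing wan interface-health eth1 test 10 type ping
set load-balancing wan interface-health eth1 test 10 target 8.8.8.8

set load-balancing wan interface-health eth2 failure-count 3
set load-balancing wan interface-health eth2 nexthop 23.90.76.1
set load-balancing wan interface-health eth2 test 10 type ping
set load-balancing wan interface-health eth2 test 10 target 8.8.8.8

# Flush existing sessions on failover so they do not sit until timeout.
set load-balancing wan flush-connections

# Remove the weighted rule from the earlier sections, if it is present.
delete load-balancing wan rule 10

# Rule 10: traffic arriving on eth0 leaves through eth1 while eth1 is healthy.
set load-balancing wan rule 10 inbound-interface eth0
set load-balancing wan rule 10 interface eth1
set load-balancing wan rule 10 protocol all

# Rule 20: same match, used when rule 10 cannot be applied because eth1 is down.
set load-balancing wan rule 20 inbound-interface eth0
set load-balancing wan rule 20 interface eth2
set load-balancing wan rule 20 protocol all

commit
save

# Check which interfaces the health tests currently consider active.
run show wan-load-balance
```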